Re: Restrict Generic Logins
From: columbus (columbus.1dad01_at_mail.mcse.ms)
Date: 09/28/04
- Next message: TJ: "task scheduler fails when group policy is updated"
- Previous message: Michael Iversen: "Re: Remote Desktop Policy on Windows XP"
- In reply to: matt: "Restrict Generic Logins"
- Messages sorted by: [ date ] [ thread ]
Date: Tue, 28 Sep 2004 05:29:45 -0500
Hi Matt,
Not 100% sure what you are trying to do but what you can have a look at
is to create a GPO for that container and block the in heritance of the
Default Domain Group Policy and then under the GPO specify what rights
needs to be applied.
Hope it helps
matt wrote:
> *For some of our PCs, we use generic logins in which every user of
> the PC
> signs in with the same username and password.
>
> Quite often, users will sign on to these PCs with an Active
> Directory
> account other than the generic one. As a result, configuration of
> the
> desktop, printers, IE, and other programs are incorrect and users
> can't use
> the programs they are supposed to use.
>
> The network administrator and I have discussed implementing a policy
> setting
> to restrict these PCs by allowing only administrators and the
> generic
> account the logon local privilege - preventing users from signing on
> with
> other accounts.
>
> Since the default domain policy grants the Everyone group the logon
> local
> privilege, we will have to apply this setting at the Active Directory
> level
> rather than on the local PC.
>
> Each PC will need its own policy because the generic account is
> different
> for each PC. We will link these policies to a high level OU and then
> grant
> access on each policy to only the PC account involved.
>
> If anyone has suggestions or comments on this, let me know. If you
> have a
> better way, I would be curious. Also, if you know of a way of doing
> it with
> a single GPO, that would be helpful, too. Please note that we
> realize
> generic accounts aren't the best way of doing things, but for the
> time being
> we would like to solve this problem without getting rid of generic
> accounts.
> Also, we are presently restricting the generic login to its
> corresponding PC
> (Active Directory setting). The question at hand is restricting the
> PC to
> the corresponding generic login.
>
> Thanks,
>
> Matt *
-- columbus ------------------------------------------------------------------------ Posted via http://www.mcse.ms ------------------------------------------------------------------------ View this thread: http://www.mcse.ms/message1104427.html
- Next message: TJ: "task scheduler fails when group policy is updated"
- Previous message: Michael Iversen: "Re: Remote Desktop Policy on Windows XP"
- In reply to: matt: "Restrict Generic Logins"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
